Open phillip-constantine opened 1 month ago
Hello, phillip-constantine!
Thank you for submitting an issue for this provider. The issue will now enter into the issue lifecycle.
If you want to contribute to this project, please review the contributing guidelines and information on submitting pull requests.
Community Guidelines
Terraform
Terraform v1.9.5 on linux_amd64
Terraform Provider
2.8.3
VMware vSphere
7.0.3
Description
I do not have root vCenter permissions, but I have full admin permissions to a specific datacenter. When I use Terraform to create a folder in my DC, the folder gets created, but then Terraform says "cannot find datacenter in path: No Permission" and exits. Digging into the code, it looks like this is because during `resourceVSphereFolderRead`, the `getDatacenter` function creates a `NewFinder` with all=true. As far as I can tell, this attempts to list all datacenters, which I am not allowed to do. But if I set that to false, my Terraform works fine.

In the vSphere web UI, I can create and destroy any resource within my DC, which is what I expect with full admin over the DC. So it seems like a bug that in the provider it requires root permissions. Grepping for this shows there are 18 total uses of all=true in the vsphere directory, which I assume means that all affected code requires full vCenter admin permissions to run? Would it not be better to set all of these to false, or better yet, not use the Finder at all if an id is already given?
Affected Resources or Data Sources
resource/resource_vsphere_folder.go
Terraform Configuration
```hcl
resource "vsphere_folder" "test" {
  path          = "my-folder"
  type          = "vm"
  datacenter_id = data.vsphere_datacenter.dc.id
}
```
Debug Output
```
│ Error: cannot find datacenter from path "/US/datacenter1": NoPermission
│
│   with vsphere_folder.test,
│   on main.tf line 96, in resource "vsphere_folder" "test":
│   96: resource "vsphere_folder" "test" {
│
```
Panic Output
No response
Expected Behavior
If I have full admin over a datacenter, I should be able to create and destroy resources without needing permissions above the datacenter. This is how it works in the vSphere web console.
Actual Behavior
I cannot fully create and destroy resources without admin permissions over all of vCenter.
Steps to Reproduce
Terraform apply on a vsphere_folder resource when the user does not have permissions above the datacenter.
Environment Details
No response
Screenshots
No response
References
No response